1

I'm currently running an OpenLDAP server on a Debian machine:

Distributor ID: Debian
Description:    Debian GNU/Linux 8.7 (jessie)
Release:    8.7
Codename:   jessie

Slapd version

@(#) $OpenLDAP: slapd  (Jan 16 2016 23:00:08) $
    root@chimera:/tmp/buildd/openldap-2.4.40+dfsg/debian/build/servers/slapd

I've transformed the official schema into an LDIF by following the tutorial here.

This worked perfectly for my Kerberos LDIFs, but when I try to apply the apple.ldif, I encounter:

SASL/EXTERNAL authentication started
SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
SASL SSF: 0
adding new entry "cn=apple,cn=schema,cn=config"
ldap_add: Other (e.g., implementation specific) error (80)
    additional info: olcObjectClasses: AttributeType not found: "acctFlags"

So far, some blogs say that this isn't a critical attribute, and could be directly removed.

I wanted to know if it's "normal" to just remove some attributes directly from the official schema (the same schema I can also get directly from some iMacs in the infrastructure)?

Tolsadus

2 Answers

3

This question and 84104's answer ended up pointing me in the right direction. apple.schema doesn't list its dependencies, but most (if not all) of the others do.

Here are the schemas I needed to load (and in this order) to satisfy all the dependencies and convince slapd to load apple.schema:

core.schema
cosine.schema
inetorgperson.schema
nis.schema
samba.schema
apple_auxillary.schema
apple.schema

2

No, it's not normal to remove attributes. If you're missing an attribute it usually means you're missing some other dependent schema.

In this case it looks like Apple's samba schema. This may in turn rely on other schema, but I suspect they've provided the complete set.

84104
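
The missing-dependency situation both answers describe can be checked before running ldapadd. The following is an added example, not part of the original posts: a small Python checker that walks schema files in load order and reports object classes whose MUST/MAY attributes have not been defined yet. The schema fragments, OIDs and names such as `exampleUser` are constructed stand-ins, not the contents of the real samba.schema or apple.schema.

```python
import re

# Constructed miniature fragments: stand-ins, NOT the real schema file contents.
CORE_LIKE = "attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )\n"
SAMBA_LIKE = """
attributetype ( 1.1.2.1.1 NAME 'acctFlags'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
"""
APPLE_LIKE = """
attributetype ( 1.1.2.2.1 NAME ( 'exampleHome' 'exHome' )
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.1.2.2.2 NAME 'exampleUser' SUP top AUXILIARY
    MUST ( cn ) MAY ( exampleHome $ acctFlags ) )
"""

def definitions(text):
    """Yield (kind, body) per definition, joining indented continuation lines."""
    current = []
    for line in text.splitlines() + [""]:
        if line[:1].isspace() and current:
            current.append(line.strip())
            continue
        if current:
            kind, _, body = " ".join(current).partition(" ")
            if kind.lower() in ("attributetype", "objectclass"):
                yield kind.lower(), body
        current = [line.strip()] if line.strip() and not line.startswith("#") else []

def names(body):
    """Return every name declared by NAME 'x' or NAME ( 'x' 'y' )."""
    m = re.search(r"\bNAME\s+(\([^)]*\)|'[^']*')", body)
    return re.findall(r"'([^']+)'", m.group(1)) if m else []

def referenced(body):
    """Return attribute names listed in the MUST/MAY clauses of an object class."""
    body = re.sub(r"'[^']*'", "", body)  # drop quoted text such as DESC strings
    found = re.findall(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w;-]+))", body)
    return [a.strip() for lst, single in found for a in (lst or single).split("$") if a.strip()]

def check_load_order(schemas):
    """schemas: [(filename, text)] in load order -> [(file, objectclass, missing attr)]."""
    known, missing = set(), []
    for fname, text in schemas:
        defs = list(definitions(text))  # a file's own attributes count as known (simplification)
        known.update(n.lower() for k, b in defs if k == "attributetype" for n in names(b))
        for body in (b for k, b in defs if k == "objectclass"):
            oc = (names(body) or ["?"])[0]
            missing += [(fname, oc, a) for a in referenced(body) if a.lower() not in known]
    return missing
```

An empty result means every referenced attribute was defined by an earlier file in the list; attributes that slapd defines internally would need to be seeded into `known` when running this against real schema files.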